1. Field of the Invention
Embodiments of the present invention generally relate to techniques for preventing unauthorized devices from connecting to a computer and, more specifically, to a method and apparatus for authorizing connections between a peripheral device and a computer system by evaluating device descriptors and modifying connection or transaction sequences to prevent unauthorized device communication.
2. Background of the Invention
Recently, personal media devices such as PDAs, smart phones, digital cameras, MP3 players and others have gained wide popularity in corporate and personal computing environments. This has been coupled with a massive increase in the available storage capacity of both integrated memory components and a class of devices known as transient storage devices (TSDs), such as USB flash drives. TSDs are easily connected to the peripheral interface of a networked enterprise computer and therefore pose a significant risk to corporate security, in terms of the management and protection of corporate intellectual property, network vulnerability and enforcement of other corporate policies.
One method of protecting a peripheral interface, such as a USB port, is to use a commercially available, software-based port monitor. These products provide administered device authorization based on USB device identification, such as device class or a unique ID. However, software-based port protection is vulnerable to tampering, requires administration and maintenance, consumes computer resources, and may affect the performance of computer applications or legitimate peripheral devices.
There is a need in the art for improved techniques for managing peripheral ports without increased performance overhead.
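As an added illustration that is not part of the patent text, the following Python sketch shows the kind of descriptor-based authorization decision that the background attributes to software port monitors, deciding on device class or device ID. The function names, the default-deny policy, the use of the vendor/product ID pair as the device ID, and the sample descriptors are assumptions constructed for this example; the byte layouts are those of the standard USB 2.0 device, configuration and interface descriptors.

```python
import struct

# USB 2.0 standard device descriptor: 18 bytes, little-endian fields.
_DEVICE_FMT = "<BBHBBBBHHHBBBB"
MASS_STORAGE, HID = 0x08, 0x03  # USB-IF class codes

def parse_device_descriptor(raw: bytes) -> dict:
    if len(raw) < 18 or raw[0] != 18 or raw[1] != 0x01:
        raise ValueError("not a standard device descriptor")
    f = struct.unpack(_DEVICE_FMT, raw[:18])
    return {"device_class": f[3], "vendor_id": f[7], "product_id": f[8]}

def interface_classes(config: bytes) -> set:
    """Walk a configuration descriptor bundle; collect bInterfaceClass values."""
    classes, i = set(), 0
    while i + 2 <= len(config):
        length, dtype = config[i], config[i + 1]
        if length < 2 or i + length > len(config):
            raise ValueError("malformed descriptor chain")
        if dtype == 0x04 and length >= 9:      # interface descriptor
            classes.add(config[i + 5])         # bInterfaceClass
        i += length
    return classes

def authorize(device_raw, config_raw, allowed_ids, allowed_classes) -> bool:
    """Default-deny: allow a listed ID, else require every class to be allowed."""
    dev = parse_device_descriptor(device_raw)
    if (dev["vendor_id"], dev["product_id"]) in allowed_ids:
        return True
    # bDeviceClass 0x00 means the class is declared per interface, so a
    # check on the device descriptor alone would not see mass storage.
    classes = {dev["device_class"]} if dev["device_class"] else set()
    classes |= interface_classes(config_raw)
    return bool(classes) and classes <= allowed_classes

# Constructed sample: a flash-drive-like device (class declared per interface).
SAMPLE_DEVICE = struct.pack(_DEVICE_FMT, 18, 1, 0x0200, 0, 0, 0, 64,
                            0x1234, 0x5678, 0x0100, 1, 2, 3, 1)
SAMPLE_CONFIG = (bytes([9, 2, 18, 0, 1, 1, 0, 0x80, 50]) +        # configuration
                 bytes([9, 4, 0, 0, 2, MASS_STORAGE, 0x06, 0x50, 0]))  # interface

if __name__ == "__main__":
    print(authorize(SAMPLE_DEVICE, SAMPLE_CONFIG, set(), {HID}))
    print(authorize(SAMPLE_DEVICE, SAMPLE_CONFIG, {(0x1234, 0x5678)}, {HID}))
```

The sample device reports a device-level class of 0x00, so the decision depends on the interface descriptors rather than on the device descriptor alone.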